From a10fe66c9f32e6dc1795da2f338723a5bfb78d3c Mon Sep 17 00:00:00 2001 From: Yasuo Ohgaki Date: Thu, 7 Apr 2016 16:28:19 +0900 Subject: [PATCH 1/2] Enable session_create_id() function --- ext/session/session.c | 8 ++- .../tests/session_create_id_basic.phpt | 57 +++++++++++++++++++ 2 files changed, 62 insertions(+), 3 deletions(-) create mode 100644 ext/session/tests/session_create_id_basic.phpt diff --git a/ext/session/session.c b/ext/session/session.c index eaa18c908f125..acfceafe9f0a2 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -2158,7 +2158,6 @@ static PHP_FUNCTION(session_regenerate_id) /* {{{ proto void session_create_id([string prefix]) Generate new session ID. Intended for user save handlers. */ -#if 0 /* This is not used yet */ static PHP_FUNCTION(session_create_id) { @@ -2195,9 +2194,7 @@ static PHP_FUNCTION(session_create_id) } smart_str_0(&id); RETVAL_NEW_STR(id.s); - smart_str_free(&id); } -#endif /* }}} */ /* {{{ proto string session_cache_limiter([string new_cache_limiter]) @@ -2468,6 +2465,10 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_session_id, 0, 0, 0) ZEND_ARG_INFO(0, id) ZEND_END_ARG_INFO() +ZEND_BEGIN_ARG_INFO_EX(arginfo_session_create_id, 0, 0, 0) + ZEND_ARG_INFO(0, prefix) +ZEND_END_ARG_INFO() + ZEND_BEGIN_ARG_INFO_EX(arginfo_session_regenerate_id, 0, 0, 0) ZEND_ARG_INFO(0, delete_old_session) ZEND_END_ARG_INFO() @@ -2552,6 +2553,7 @@ static const zend_function_entry session_functions[] = { PHP_FE(session_module_name, arginfo_session_module_name) PHP_FE(session_save_path, arginfo_session_save_path) PHP_FE(session_id, arginfo_session_id) + PHP_FE(session_create_id, arginfo_session_create_id) PHP_FE(session_regenerate_id, arginfo_session_regenerate_id) PHP_FE(session_decode, arginfo_session_decode) PHP_FE(session_encode, arginfo_session_void) diff --git a/ext/session/tests/session_create_id_basic.phpt b/ext/session/tests/session_create_id_basic.phpt new file mode 100644 index 0000000000000..490128ee9cea0 --- /dev/null 
+++ b/ext/session/tests/session_create_id_basic.phpt @@ -0,0 +1,57 @@ +--TEST-- +Test session_create_id() function : basic functionality +--INI-- +session.save_handler=files +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +*** Testing session_create_id() : basic functionality *** +string(32) "%s" +string(36) "ABCD%s" +string(35) "XYZ%s" +string(0) "" +string(32) "%s" +bool(false) +string(35) "XYZ%s" +string(0) "" +string(35) "XYZ%s" +bool(true) +Done From f0b9e5a476bff66342322a97f97623ccfc4b760f Mon Sep 17 00:00:00 2001 From: Yasuo Ohgaki Date: Wed, 10 Aug 2016 18:06:39 +0900 Subject: [PATCH 2/2] Add collision detection --- ext/session/session.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/ext/session/session.c b/ext/session/session.c index a7746cb25860a..b05e2a73282cc 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -2195,7 +2195,20 @@ static PHP_FUNCTION(session_create_id) } if (PS(session_status) == php_session_active) { - new_id = PS(mod)->s_create_sid(&PS(mod_data)); + int limit = 3; + while (limit--) { + new_id = PS(mod)->s_create_sid(&PS(mod_data)); + if (!PS(mod)->s_validate_sid) { + break; + } else { + /* Detect collision and retry */ + if (PS(mod)->s_validate_sid(&PS(mod_data), new_id) == FAILURE) { + zend_string_release(new_id); + continue; + } + break; + } + } } else { new_id = php_session_create_id(NULL); }
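Review bot: When all three attempts are rejected, the `while (limit--)` loop in the `php_session_active` branch exits with `new_id` still pointing at the string just handed to `zend_string_release()`, so the code after the hunk, which presumably appends `new_id` to the result, would read a freed `zend_string`. Add `new_id = NULL;` directly after the release, and have the code following the loop return an error when `new_id` is still NULL instead of building an ID from it. The retry test also looks inverted relative to its own comment: a collision means the generated ID already exists in storage, and as far as I know the save handlers' `s_validate_sid` reports an existing ID as `SUCCESS`. If so, `== FAILURE` retries on unused IDs and accepts colliding ones, and the check should read `if (PS(mod)->s_validate_sid(&PS(mod_data), new_id) == SUCCESS) {`; please confirm against the handlers. The rest of session_create_id lies outside this hunk, so how `new_id` is consumed cannot be checked from here.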